Message-ID: <42EB7EF0.10799.13EAE2AB@localhost>
Date: Sat Jul 30 13:22:07 2005
From: stuart at cyberdelix.net (lsi)
Subject: Cisco IOS Shellcode Presentation 

> Just store the program in a frikking *ROM*, and disallow execution of
> opcodes from RAM.  It's called a Harvard architecture.

The problem with this will be speed, will it not?  It could be cached 
into RAM - but then it would be modifiable ... 

I also have a query relating to the assertion by Lynn that worms 
would be difficult to make, because different firmware has different 
offsets.  Surely this would be as simple as looping through a list:

if (firmware == x) { attackstring = ABC }
else if (firmware == y) { attackstring = DEF }
else if (firmware == z) { attackstring = GHI }
...
etc

Finally, I note from the narrative on tomsnetworking that while the 
presentation did not describe exactly how to make an attack script 
that gets root, it nonetheless showed off exactly that.  "At the 
beginning of his talk, Michael Lynn connected to a Cisco router, ran 
his shell script and obtained the "enable" prompt." [1]  

I thus conclude it's only a matter of time before an "autorooter" is 
developed for use against a wide variety of routers.

The window of vulnerability, which is at least three weeks old, 
opened wide on the 27th, and remains so.  No amount of legal 
posturing by anybody can change this.

[1] http://www.tomsnetworking.com/Sections-article131-page4.php

---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)
